Seeing as the main site got Let's Encrypt and that this site is on a dedicated IP, I don't see it as being too hard, unless the vBulletin license is such that changing would mean needing a license for a new server.

I think it's more neglection. The front page is the most activity we have seen in 4+ years. The forums still has references to AOL servers. Honestly if 5.8 was never leaked, then i doubt the front page would have been updated.

(┛◉Д◉)┛彡ʎɯouoıpɐɹ

Current status of Winamp 5.8: Beta released, the last desktop version get wacup

Homepage might not actually have HTTPS after all, as it is a Cloudflare (likely Business/$200/mo due to the custom certificate) IP address, and Cloudflare supports cheating by having their proxy run HTTPS but the backend run unencrypted. Browsers and search engines will just blindly see it as valid.

It would be Winamp's responsibility for failing to provide even minimal industry standard security.

The Grade C given by SSL Labs is due to supporting SSLv3, and as a result being vulnerable to POODLE.
Even if SSLv3 were turned off, it would be capped to B because the site administrator installing the certificate file but not the chain file. This can cause a browser error if the intermediate certificate is not already in the browser's cache.

The server does support TLS 1.2, so the SSL toolkit installed on the server isn't completely obsolete.
The server does support strong ciphersuites, but at the same time supports the broken RC4 suite, and does not set server preference to the strong suites.

HTTPS is definitely industry standard and has been for quite some time now. This is the only web site I have seen in a long time that does not use HTTPS. I even do it on my internal Web für NAS, etc., because it's easy and doesn't cost anything (Let's Encrypt, for instance). Today, I did get odd spam with the little used mail address I used to register today. Could be coincidence, but who knows.....

https SS) is normally required on websites/forums that use "password fields" or contain other private data of users. The new "GDPR" law also states that it must be made clear that cookies are stored, and whether scripts transfer data to external websites. This only applies in the EU. But since there are users who live in the EU, this law should also apply to the relevant site. I have translated 2 extensions that contain this law, so I know what I am talking about.